The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Network security refers to limiting access to a portion of a network to those that are entitled to have access. Computer networks have grown from a collection of linked computers to a platform for conducting business. Consequently, there is a need for securing a network from unauthorized users or hackers. Security is a prerequisite for most, if not all, computer networks. Corporate networks are configured in accordance with a security policy that changes rapidly to meet new business requirements. Changes to security policy typically require a reconfiguration of various devices in the network.
One past approach to providing network security involves the use of Access Control Lists (ACLs), which list the users or types of users that are entitled to access an associated portion of the network. ACLs are used for packet filtering on routers, and ACLs help implement the overall security policy. Most network security policies are an aggregation of the configuration of ACLs. A network security policy could be constructed by configuring ACLs on various interfaces of routers forming the network.
However, ACL-based network security has many disadvantages. As a result of the dynamic nature of the network requirements, ACLs on routers often need to be reconfigured to suit new needs. Whether ACLs are used for allowing a new business partner to access certain parts of the network, adding a remote location to the network, or ensuring hackers are misled to Jail systems to track/log their activities, typically ACLs present on different routers in different parts of a corporate network are required to be reconfigured. A network administrator needs to have a good understanding of ACLs, their requirements, and the network to reconfigure the network elements related to security.
The security policies of the network, although very comprehensive and understandable on paper, become complicated and difficult to implement when they take the form of ACLs that are updated or modified frequently and spread across the devices of the network. The ACLs complicate network security administration and hence create a very error-prone platform for security administration. Changes to security policy may require reconfiguration of Access Control Entries (ACEs) present in ACLs spread across many routers. A misconfiguration could result in many problems, such as a compromised network (which could be hard to detect) and data outages.
Based on the foregoing, the inventors hereof have recognized a need for aids for configuring ACLs.